NovaCloud POPIA Compliance Statement
At NovaCloud, the protection of personal information is a fundamental part of our business operations. We are fully committed to complying with the Protection of Personal Information Act, 4 of 2013 (POPIA), ensuring that the personal information of our clients, employees, and partners is collected, processed, stored, and safeguarded in a lawful and responsible manner.
We recognise that personal data is one of the most valuable assets in today’s digital economy, and as such, NovaCloud has implemented a comprehensive framework of policies, processes, and technical safeguards to guarantee that your information is handled with the highest level of care and confidentiality.
Our Compliance Principles
Accountability
NovaCloud takes full responsibility for ensuring that personal information under our control is managed in compliance with POPIA. An appointed Information Officer oversees data protection governance across all business units.
Lawful & Purpose-Specific Processing
Personal information is only collected for legitimate, defined, and explicitly stated business purposes. Information will not be processed for secondary or unrelated purposes without the consent of the data subject.
Minimal Collection
We follow the principle of data minimisation, collecting only the information that is absolutely necessary to deliver our services and meet our legal or contractual obligations.
Transparency
Individuals are fully informed regarding what personal information we collect, how it is used, how long it is retained, and under what circumstances it may be shared.
Security Safeguards
NovaCloud implements industry-leading technical, administrative, and physical security measures, including encryption, access control, network monitoring, and secure disposal procedures, to protect personal data against loss, misuse, unauthorised access, or disclosure.
Data Subject Rights
In line with POPIA, all individuals whose data we process have the right to:
Request access to the personal information we hold about them.
Request corrections or deletion of inaccurate, irrelevant, or excessive information.
Object to the processing of their personal information under certain circumstances.
Withdraw consent for processing where applicable.
Lodge a complaint with the Information Regulator of South Africa.
Third-Party Processors
Where personal data is shared with third-party service providers, NovaCloud ensures that binding data processing agreements are in place, requiring all partners to comply with POPIA and maintain equivalent standards of data protection.
Retention & Disposal
Personal information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Once no longer needed, data is securely destroyed, erased, or anonymised.
Implementation at NovaCloud
Internal Training & Awareness: All NovaCloud employees undergo regular POPIA awareness and data protection training.
Incident Response: In the event of a data breach, NovaCloud has a documented incident response plan which includes immediate risk assessment, mitigation, and timely notification to both affected parties and the Information Regulator, where required.
Privacy by Design: All our services, systems, and platforms are developed with built-in privacy and security principles, ensuring compliance is embedded into our technology stack.
Regular Reviews & Audits: Our compliance policies and technical controls are continuously reviewed and updated to remain aligned with evolving legal requirements, industry standards, and best practices.
Contact Information
For any POPIA-related inquiries, data access requests, or to exercise your data subject rights, please contact our Information Officer:
Information Officer
NovaCloud
📧 Email: legal@novacloud.africa
📞 Phone: +27 10 8800 789
